Apple acknowledges Mac Defender malware, promises software update

After avoiding making any public acknowledgment of the recent Mac Defender …

Apple has decided to publicly acknowledge the Mac Defender malware that seems to be creeping onto Mac users' computers. The company posted an online support document Tuesday evening that outlines how to identify and get rid of the program, which attempts to trick users into handing over their credit card information. The company also promised to issue a software update soon that will specifically hunt out and remove Mac Defender and its variants.

"A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus," Apple wrote in its support document. "In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants. The update will also help protect users by providing an explicit warning if they download this malware."

The much-welcome acknowledgement from Apple comes less than a week after it came out that real users were beginning to see this malware in the wild a little more often than usual. When we investigated the issue, we were told by several Apple Store Geniuses that they had also seen a spike—one Genius at a large Apple Store said he had seen malware reports in his store go from approximately 0.2 to percent to 5.8 percent in a matter of weeks, with the large majority of those being Mac Defender or its variants, often known as Mac Security or Mac Protector. (Smaller, third-party support folks were somewhat split on whether there had been a spike in malware reports.)

At the time, one of the more controversial aspects of Apple's reaction was that there was none—Apple had instructed its AppleCare and retail staff not to even acknowledge Mac Defender's existence, and not to remove it from users' infected computers.

Now, however, the company has apparently had a change of heart. In the support doc, Apple says to trash the app immediately if you haven't installed it yet, but if you have, there's a series of steps to follow in order to get rid of it. And, of course, there's also the lazy route: if you have Mac Defender installed but haven't given it your credit card information yet, you could just wait for Apple to issue its software update and have it removed automatically. Or, you can use the Mac Defender removal tool from Icrontic.

Jacqui Cheng
Jacqui is an Editor at Large at Ars Technica, where she has spent the last eight years writing about Apple culture, gadgets, social networking, privacy, and more. Emailjacqui@arstechnica.com//Twitter@eJacqui